Google and Malicious behavior messages when HE tunnel running
-
Hello Fellow Netgate Community Memebers,
Can you help?
Does anyone else have issues with Google when you run a HE tunnel broker service?
If I have my IPV6 tunnel running Google doesn't like it. I only get IPV4 natively. I followed the official Netgate guide to set up my IPV6 tunnel but it is like Google doesn't want any tunnels going.
If I turn it off no issues at all.
-
For Setup Guide Ref:
https://docs.netgate.com/pfsense/en/latest/recipes/ipv6-tunnel-broker.html
-
@JonathanLee Unfortunately, this has been a long-standing problem due to increased observed abuse of HE.net Tunnels, and the a perception of inaction (by multiple parties - not just Google) on the part of HE.net's administrators when it comes to management of their tunnel broker service with respect to anti-abuse. Much to that very point, there is a topic on HE.net's own forums that has been around since May of 2023, is 6 pages deep at the time of this post, and still has yet to see a reply from anyone at Hurricane-Electric, nor the matter addressed in any other official or support posting.
-
@Papa-Midnight found it … “ Seeing the same here on multiple third-party sites using google's recaptcha backend. I had to re-enable blocking of AAAA for .google.com and .googleapis.com to temporarily resolve it.”
-
@Papa-Midnight Thank you
-
@JonathanLee No but we’d occasionally see sites blocking connections. I think they saw it as a VPN. For example sports sites I suspect due to country licensing for content. And our throughput was slower, like 30 Mbps.
-
@SteveITS I have it set to only resolve A records and not AAAA for Google but every once in a while the proxy adds a AAAA back in and Google goes hiatus. It is like unbound mixes one up, Netflix also around 2 hours it thinks I have a tunnel again and it is resolving AAAA for a bit.
